Friday, March 22, 2013

How to create SFTP jailed user


If you want to set up an account on your system that is used only to transfer files (and never to log in with a shell), put that account in an SFTP chroot jail as explained here.

First create the user with the useradd command, setting its home directory to the directory you want to chroot it into (or a subdirectory of it).

Then open the configuration file /etc/ssh/sshd_config and comment out the existing sftp subsystem line:

    #Subsystem       sftp    /usr/libexec/openssh/sftp-server

Next, add the following line in its place, which runs the SFTP server inside the sshd process (no binaries or libraries are needed inside the jail):

    Subsystem       sftp    internal-sftp

Then add a Match block for the user at the end of the file. Every line after a Match line belongs to that block until the next Match, so a block placed in the middle of the file would swallow the settings below it:

    Match User username
        ChrootDirectory /path/to/jail
        AllowTcpForwarding no
        X11Forwarding no
        ForceCommand internal-sftp
Save the file, check it with "sshd -t" (a syntax error would otherwise leave you with an sshd that fails to start), and restart sshd.
If you get errors, turn on sshd debugging: set LogLevel DEBUG in /etc/ssh/sshd_config, restart sshd, try connecting again and check /var/log/auth.log (/var/log/secure on Red Hat based systems) for the details.
Make sure the chroot directory and every directory above it up to / are owned by root:root and are not writable by group or others; sshd refuses the login otherwise and logs "bad ownership or modes for chroot directory". Because the top of the jail is root-owned the user cannot write there, so create a subdirectory inside the jail (for example "upload") owned by the user.
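The whole procedure as a script, added here as an example and not taken from the original post. It assumes a Linux host with OpenSSH, GNU coreutils and sed, and systemd; the jail layout (/srv/sftp/<user> as the root-owned jail, <jail>/upload as the user's writable area) and the function names are my own choices. The permission checks mirror the rule sshd applies before it accepts a chroot directory.

```bash
#!/bin/bash
# Added example (not the original post's code). Assumed layout: jail at
# /srv/sftp/<user>, user-writable directory <jail>/upload. Needs GNU stat/sed.

# Print the sshd_config fragment for one jailed user. Everything after a
# "Match" line belongs to that block until the next Match, so the fragment is
# appended to the END of sshd_config, never inserted in the middle.
sftp_match_block() {
    printf '%s\n' \
        "Match User $1" \
        "    ChrootDirectory $2" \
        "    ForceCommand internal-sftp" \
        "    AllowTcpForwarding no" \
        "    X11Forwarding no"
}

# One path component passes sshd's chroot check when it is owned by the
# expected owner (root for a real jail; overridable so the check can be tried
# as an ordinary user) and has no group or other write bit.
# GNU "stat -c %a" prints the octal mode without a leading zero, e.g. 755.
dir_is_chroot_safe() {
    local dir=$1 want=${2:-root} out own mode grp oth
    out=$(stat -c '%U %a' "$dir") || return 1
    set -- $out
    own=$1
    mode=$2
    grp=$(( (mode / 10) % 10 ))   # second-to-last octal digit: group bits
    oth=$(( mode % 10 ))          # last octal digit: other bits
    [ "$own" = "$want" ] && [ $(( grp & 2 )) -eq 0 ] && [ $(( oth & 2 )) -eq 0 ]
}

# sshd requires every directory from / down to the chroot to pass the check
# above. A single group-writable parent makes it reject the login with
# "bad ownership or modes for chroot directory".
chroot_path_is_safe() {
    local p=$1
    while :; do
        dir_is_chroot_safe "$p" root || { echo "unsafe: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# The full procedure. Needs root; runs only when invoked as:
#   sudo ./sftp-jail.sh apply <username>
sftp_jail_apply() {
    local user=$1 jail=/srv/sftp/$1 cfg=/etc/ssh/sshd_config

    # No shell is needed: ForceCommand internal-sftp never execs one.
    useradd --home-dir "$jail" --no-create-home --shell /sbin/nologin "$user" \
        || return 1

    # Jail root: root-owned, not writable by the user. Writable area below it.
    mkdir -p "$jail/upload"
    chown root:root "$jail" && chmod 755 "$jail"
    chown "$user:$user" "$jail/upload" && chmod 700 "$jail/upload"
    chroot_path_is_safe "$jail" || return 1

    # Switch the global subsystem to the in-process server, append the block.
    cp "$cfg" "$cfg.bak"
    sed -i 's|^Subsystem[[:space:]]\{1,\}sftp[[:space:]].*|Subsystem sftp internal-sftp|' "$cfg"
    sftp_match_block "$user" "$jail" >> "$cfg"

    # Never restart on an unchecked config: a syntax error locks everyone out.
    if /usr/sbin/sshd -t -f "$cfg"; then
        systemctl restart sshd 2>/dev/null || systemctl restart ssh
    else
        cp "$cfg.bak" "$cfg"
        return 1
    fi
}

if [ "${1:-}" = apply ] && [ -n "${2:-}" ]; then
    sftp_jail_apply "$2"
fi
```

After the restart, "sftp username@host" should land in the jail root and only "upload" should accept writes; a plain "ssh username@host" is refused because of ForceCommand. The chroot_path_is_safe walk is worth running on its own whenever a login fails with the ownership error, since the offending component is usually a parent directory rather than the jail itself.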
